SSL Certificate – An SSL Certificate is required for any URL through which sensitive data will be transmitted. This includes credit card information. Xetex Tech Support will assist you in the purchasing and application of the certificate. We do not charge any additional fee for this service. The only cost to the distributor is the price of the certificate itself.
NOTE: An SSL certificate must be present to accept credit card information on an E-Commerce site. This is a common oversight. All credit card options can be correctly addressed and yet still the functions will not appear on the live site until an SSL certificate is present.
GO > E-Commerce > Actions > Customer Setup
Enter the Master Customer code, and click on the Credit Card Information button.
For each Master Customer, you will need to enter which credit cards you will accept. This will likely already be established by your company’s existing policies.
Processing Credit Cards – It is important to decide how you will process credit card payments related to E-Commerce transactions. The SSL certificate we discussed earlier ensures the security of the credit card data while on the web and transmitting to Xebra, but it does not go beyond that.
External Processing – When processing a credit card payment outside of Xebra, any data gathered via an E-Commerce site will import into Xebra as a text file accompanying the order, fully accessible by the operator. The operator then would be responsible for entering that information into an external terminal for authorizing and settling. This method exposes the customer’s credit card information.
Internal Processing – If you are using one of the several available methods for processing credit cards directly through Xebra, you will still receive the customer’s credit card information but it will now be partially obscured and there will be no need for the operator to manually address it. All the data will be kept encrypted and follow the order through processing in Xebra. Note: Many companies, both distributors and end users, are concerned with PCI compliance today. PCI compliance refers to credit card security and requires that there be no time that the credit card information is “exposed”. Internal processing of credit cards is the only method to ensure PCI compliance.
For additional information, please see the Credit Card Information section in the next chapter.